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An authentication system includes a portable ;informationj 
deyicersuch^as a smart card, thai is~ configured to store and 
process multiple different applications. The smart card is 
asagned^^^^^^-^^cate^which .containsadigital 
signature from a trusje^^^ 

public key. Each of the applications store<fon the smart card 
is also assigned an associated certificate having the digital 
signature of the certifying authority. The system further 
includes a terminal that is capable of accessing the smart 
card. The terminal has at least one compatible application 
which operates in conjunction with an application on the 
smart card. Tb^ terminal Js as signe d its owD _certificate^ 
which: als o ^ntains^he di^tah signature r from; th e_tru s ted^ 
certii)ang^toity and a unique puWi^ey.~Simi^y,-the 
^ppUcation^ofllie^^ digital 
certificate. During a transactional session, the smart card and 
terminal e^ange^meir certificates: ^authenticate one 
C^otherT-Thereafterra 
m^related ceiti fic^es-fOT bqth ^ e srn ^ c^^arffllication 
^amQhej4er^^ 

sm&fcj^drand'tex^ applications. 
Additionally, tfie^ardholder enters-a-unique -PINinto the 
terminaL The PIN is passed to the smart card for use in 
authenticating the cardholder. -The three-tiered authentica- 
tion system promotes security in- smart card transactions . 

21 Claims, 6 Drawing Sheets 
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AUTHENTICATION SYSTEM AND METHOD commences with a system startup phase. Since the card has 

FOR SMART CARD TRANSACTIONS 110 P ower su PP!y of its own > mc system startup phase 

consists of supplying power to the card and performing a 

TECHNICAL FIELD "cold** boot to establish communication between the card 

_ . . . . _ L1 . . . . 5 and terminal. Thereafter, the card and terminal enter an 

This invention relates to portable information devices authenticadoil phase where the terminal verifies that it is 

such as smart cards, personal digital assistants, pagers, and communicating with an authorized card. This usually entails 

other personal information managers, and the mechanisms me sraart card forwarding its own access code to the 

used to access these devices. This invention is particularly terminal for verification. Following authentication, one or 

well suited for smart card systems, including the smart cards more transactions are conducted and the card is removed 

themselves, cardholders, and terminals into which the smart 10 from me terminal, ending the session, 

cards are inserted for various transactions. More particularly, ^ TOnvcntional smart ^ systemS) nowever> the cards 

this invention relates to systems and methods for authenti- ^ ^ ^ d to hoW just 0QC applicadoil . 0ne smart 

eating smart cards applications, cardholders, and terminals ^ might be used for a banking/financial application, while 

to protect against fraudulent transactions. ^ smart ^ ^ defeated to a security appli- 

BACKGROUND OF THE INVENTION cation for entry to a building or workplace, while yet another 

smart card might be dedicated to a health related application. 

Authentication systems are used for security purposes to ja these conventional systems, the authentication phase 

verify the authenticity of one or more parties during a consists only of verifying that the card is suitable to talk to 

transaction. Traditionally, authentication systems have been tnc terminal, typically via the internal access code, 

manual, involving simple personal recognition or quick Unfortunately, there is little or no standardization in the 

verification of the party via some form of additional iden- sm art card arena, and thus many different non-compatible 

tification. One very familiar authentication process occurs systems are in existence today. This lack of standardization 

when purchasing an item with a personal check. The sales has impeded efforts to produce a smart card capable of 

clerk will process the check only if he/she recognizes the 25 handling multiple applications. 

person writing the check or if the person presents another M smart caxd$ evolve> however, they are expected to 
piece of identification (e.g., a credit card, or driver's license) multiple applications— such as banking, travel, retail, 
to verify the authenticity of that person who is offering the securit y, identification, health care, and electronic benefits 
check. Another common manual authentication process transfer—on the same card. The same smart card will be 
might occur in an apartment building or at work where a 3Q used t0 < i epos [ i or withdrawal money from an ATM, keep 
person is authenticated by a security guard or receptionist tracfc of fr eq Ue nt flyer mileage, permit entry into buildings, 
through visual recognition. store me cardholder's health information, and enable pur- 
Some authenticating systems are electronic. A familiar cna se of goods and services. With multiple applications, the 
electronic authentication system is used in a common ATM number and complexity of security issues rise. For instance, 
(Automated Teller Machine). Bank members are issued 35 the cardholder does not want his/her employer's entrance 
special ATM cards for use in the ATMs to permit automated security system which interfaces with a security application 
access to the member's account The ATM cards that are on the smart card to gain access to sensitive health care 
primarily in use today consist of magnetic-stripe memory information stored on the same health card, nor does the 
cards that have a single magnetic stripe on one side. The cardholder wish for his/her a doctor to use the health care 
magnetic stripe contains information regarding the bank, the ^ application to gain access to personal financial information, 
member, and his/her account To guard against unauthorized K is therefore one object of this invention to provide an 
access, the member is also given a multi-digit password or authentication system for ensuring the security of the smart 
PIN (Personal Identification Number). The member inserts card the applications contained thereon, 
the mag-stripe card into the ATM and enters a fow digit Becausc ^ smkrt card transactions are conducted 
password or PIN (Personal Identification Number). The PIN 45 electronically, there is an additional need to ensure for the 
authenticates for the ATM that the person standing at the sjnart ^ mat ^ tennhul ^ for me information is 
ATM is the member who owns the inserted ATM card (or an authenticate? md not a fraudulent machine. In other words, 
authorized person representing that member). there is a need for an authentication system that enables a 
Mag-stripe cards are limited, however, in that they are smart card and terminal to trust each other, as well as 
single purpose cards. For instance, one mag-stripe ATM card 50 verifying that the present cardholder is authenticate. It is 
is used solely for interfacing with a bank ATM, while another object of this invention to provide such an authen- 
another mag-stripe card is used solely for frequent flyer tication system. 

mileage, while another mag-stripe card is used solely for rNTVRNTrOM 

making long distance telephone calls. SUMMARY OF THE INVENTION 

Today, there is a movement toward use of "smart cards" 55 This invention provides a smart card authentication sys- 

Instead of mag-stripe cards. A "smart card" is^a credit card tern that verifies the user, smart card, application, and 

mat'fiis^b^t-in^micrcw which enables the terminal. 

card to modify, or ey, en create , datiTin^reipdnse to external In one preferred implementation, the system has a smart 

r stimuiL Jnie^n ^ card that is configured to store and process multiple different 
circlSt^ 60 applications. The smart card is assigned its own digital 

cardrrTN J ~ " — — — certificate which contains a unique public key and a digital 

By virtue of the resident on-chip processor, smart cards signature from a trusted certifying authority. Each of the 

are self- validating and can authenticate various passwords applications stored on the smart card is also assigned an 

off-line without connection to a back end computer. Some associated certificate having the digital signature of the 
conventional smart cards perform an authentication proce- 65 certifying authority. 

dure during each "session**, which is the period of time that The system also includes a terminal that is capable of 

the smart card is inside of a compatible terminal. The session accessing the smart card. Hie terminal has at least one 
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compatible application which operates in conjunction with FIG. 4 is a diagrammatic illustration of an initial step of 

at least one corresponding application stored on the smart an authentication process of this invention involving the 

card. The terminal is assigned its own certificate which exchange of digital certificates between a smart card and 

contains a unique public key and the digital signature from terminal. 

the trusted certifying authority. Similarly, the application on 5 fig. 5 is a diagrammatic illustration of another step of the 

the terminal is given an associated digital certificate. authentication process involving the exchange of 

During a transactional session, the smart card and termi- application-related digital certificates between a smart card 

nal exchange their certificates over an unsecured communi- and terminal. 

cation path. The path is unsecured in the sense that any party FIG. 6 is a diagrammatic illustration of another step of the 

can intercept and decipher the message. Following this 10 authentication process involving the authentication of a 

exchange, the smart card and terminal each process the cardholder via his or her PIN. 

other's certificate to verify the authenticity of the other. After FIGS. 7 and 8 present a flow diagram of a method for 

this initial authentication, a secure communication path is authenticating a transaction between a smart card and a 

established between the smart card and terminal using terminal. 

encryption techniques and each others' public keys. While « pj G 9 is a flow of a for conducting a 

third parties might still be able to intercept the encrypted smart card transaction using a multi-level security protocol 

messages, they would not be able to decipher them. according to another aspect of this invention. 

Thereafter, an application is selected and the application- 

related certificates of the smart card application and terminal DETAILED DESCRIPTION OF THE 

application are encrypted and then exchanged over the 20 PREFERRED EMBODIMENT 

secure communication path. The smart card and terminal Tti& inventioil authentication schemes and is 

then authenticate the application using the exchanged cer- described ^ ^ preferred context of smart cards. However, 

tificates - this invention may be used in conjunction with other small 

As a further level of security, a unique PIN is assigned to programmable portable information devices, in place of 

the cardholder. During the transactional session, the card- smart cards. Such portable information devices include 

holder enters the PIN into the terminal, which then passes pagers, personal digital assistants, personal information 

the PIN to the smart card The smart card compares this PIN managers, and programmable watches. One notable watch 

with the correct PIN kept in its memory to authenticate the that can be used in the context of this invention is the 

cardholder. commercially available Timex® Data-Link® watch. As 

According to another aspect of this invention, a multi- used herein, "portable information device" means a smalL 

level security protocol is established based upon the types portable, electronic apparatus that has limited processing 

and inherent security of different terminals. The security capabilities, limited or no power resources, limited rewrit- 

protocoi enables the smart card to be used in many diverse able memory capacity, and is designed to interface with 

applications, from transferring large sums of money 35 external read/write equipment. 

between bank accounts to purchasing a fifty cent soda pop. FIG. 1 shows a smart card 10. It is the size of a credit card 

According to the protocol, security levels are assigned to and has a built-in microcontroller (MCU) 12 which enables 

different types of terminals. The security levels have as so- the card to modify, or even create, data in response to 

dated value limits that are imposed for any transaction external stimuli Microcontroller 12 is a single wafer inte- 

occurring at the respective terminal. The certificate assigned ^ grated circuit (IC) which is mounted on an otherwise plastic 

to a particular terminal contains information pertaining to its credit card. Conductive contacts 14 are shown formed on the 

type. From this information, the smart card can determine IC to enable interfacing to external read/write equipment In 

the security level for that particular terminal The smart card other embodiments, however, the smart card can be config- 

then limits the value of the transaction in accordance with ured without physical contacts^S^h^contactless_cards 

the guidelines associated with the security level. 4 5 = recHve:Mormationiyi^proxiim 

According to another aspect of this invention, a smart card ccouplin gj_or^via ^emot 'e~couplin g=(erg j^r adi 

that is specially configured to operate in the authentication comm^mication)..A.smart_card is phy^c^y-constructed in 

system is described. It is noted that although.the_smart card accordanc e^with 'the^ 

^embodim^ nHs^preferred, j^cts oFthls mventi^can sbe governssize and bend^ble limits of the plastic caret as well 

iiripl?mfD^-*^^p^ 50 assize and locatioTofj^sfl icon inte grated circuity 

Ofcvic|sjigsuc^^ FIGr2~shows~smart card microcontroller IC~12 in more 

decfemc-px.^^ detail. It includes a CPU 20, a volatile rewritable RAM 

According to^ano?ie?a^e^rof this invention, a method (Random Access Memor y) 22, a ROM (Read Only 
for authenticating a transaction between a smart card and Memory) 24, and an EEPROM (Electrically Erasable Pro- 
terminal is also disclosed. 55 grainn^blcjROM) -26..A.set-ofcBP -ports-28-are- interna lly 

According to yet another aspect of this invention, a t%my^ 

method for conducting a smart card transaction using a ^-are recced froin jie external.acc g^equipmentAs 

multi-levd security protocol is described. " exarnplerclock; reset, power, data I/O, andgroundyare 

provided at I/O ports 28. One suitable microcontroller-based 

BRIEF DESCRIPTION OF THE DRAWINGS 60 single-wafer IC that can be used in smart cards is available 

from Motorola Corporation under model number 

FIG. 1 is a diagrammatic illustration of a smart card. MC68HC05SC21. In this chip, the data I/O is serial. 

FIG. 2 is a block diagram of a microcontroller integrated In this invention, smart card 10 contains multiple different 

circuit used in the FIG. 1 smart card. applications and can be concurrently used in many different 

FIG. 3 is a diagrammatic illustration of an authentication 65 domains.-For-instoc^ 

system in the context of an ATM banking system according fina^iai^o^rfOTtenMng purposKpmaintain medical inf or^^ 

to an example embodiment of this invention. ^ma tion for use b y health care providers, trade frequent flyer 
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mtteageTfo^ ^tion-arena^-The-cerffic^ and 

entrance Into secure facilities, manage electronic benefits, v or trusted^thirjrjaTty, known, as me "c^rtrrying authority", 

organize account .information for routinely paid services Every participant, including the smart card, the terminal, and 
such as cable^fy. RpM 24 stores the multiple applications, ^"the cardholder, trust the certifying aumority.-Examrjie cer- 

^TruVmvention-Conccms-an-M^ which Xs^m^g'a^ include the 

verifies the authenticity of the interested components prior to \federal reserve oi^a bank.- — 

conducting a transaction. For purposes of continuing Each assigned certificate contains an expiration date, the 

discussion, aspects of this invention will be described in the holder's serial number, a public encryption key unique to the 

context of employing smart cards to manage financial data. holder, information pertaining to the domain or environment 

m^mis_context,-one of-the appUcatidlisltored on.me.srnart 10 within which the holder may operate (e.g., financial, fre- 

cardsj«lates.tO-managing bankihgahd other financial data. quent flyer, health, etc.), and any omer information appro-y 

HO^shows a smart card authentication system 30 in the /F^te to establish communication. Thus, the smart card has 

context of an ATM banking system. Srrm.cai^_autiientica- :its:p^:udque^blic,key, as t does_ me terniin aUno^each 

tion system 30 includes ^mart^card 10 and a^SuTcard ^^ycatiojp- 

terminal 32, which is embodied a s an A TM. The ATM has a^ ^Before continuing discussion on the authentication 

^card reading slot 34; a~ keypad 36 r amTa display 38? The system, it would be beneficial to briefly discuss encryption 

terrninal has software resided thereon, ^crj>n a remote techniques, and how the digital certificates are used. There 

on-ljtoe"cornrwter, wruchxonsists of-at-least one application are different encryption techniques available and in use 

that is^mpa^le^androperates in conjunction, with trie today. This invention can be used with any type of encryp- 

corresponding financial application stored on thejmart card. 20 tion technique. For the sake of explanation, the basics of one 

WieTlhe^clrdr^der wishes to make^a financial common encryption technique known as "RSA" (an acro- 

transaction, the cardholder begins a transactional session by nvm based on the initials of the creators of the encryption 

inserting smart card 10 into a card reading slot 34 of the algorithm) are described below. 

ATM. A "session" is the period of time that the smart card 25 RSA encryption makes use of special mathematical func- 

is inside terrninal 32. The session commences with a system tions referred to as "one-way" functions. According to 

startup phase. Since smart card 10 has no power supply of one-way functions, one or more starting parameters can 

its own, the system startup phase consists of supplying undergo a function to yield an intelligible result, but the 

power to the card and performing a "cold" boot to establish inverse function operating on this result will not produce the 

communication between the card and terminal. The terrninal 3Q starting parameters. In mathematical terms, a one-way func- 

sends a reset signal and the card responds to the reset signal tion is represented as follows: 
to establish communication modes and options. 

Since the smart card 10 stores multiple applications, a F(fl> ^ ^^ipy^. 

targetapplicationis selected frorn among the multiple appli- ^ m ^ ^ ^ ^ 

c^ons.m theconunmngex^le, Ae tarpt ar^UcaUon is 35 m ^ iQ ^ tQ 

the financial apphcauon. The target application might be ^ ^ encr ^ ^ f ^ e ^ y set is ^ ue 

selected in a number of ways, induding both manual and ^^^^^ oneknows me public key 

automated techniques. For example the smart card itself one ^ me rivate ^ jr p 2tey 

might select the target apphcation fcat is suited for the f( £ eve ^ one V u ^ wnile me ^ 

particular terrninal. Alternatively, the ^ermmal mi^tdeade „ g^J^, kept sccrct by \ t holdcr . 

W ^ ° f ^ W^ 3 *?™/** ° n * e f™* ™f Fc7a^essageM that is encrypted via an encryption 

patible with the application resident at the terminal. As function E using one of the keys K, the following holds for 

another example, the user might select the appropriate ^ ^^j,. 
application at the beginning of a session. 

Thereafter, the smart card and terminal enter the authen- 45 EiK^^ *a=ju wii , Jjit ^ f , 
tication phase which is the primary subject of the this 

invention. During the authentication phase, the terminal M*Mayj*mi_i)=M 
verifies that it is communicating with an authorized smart 

card, and the smart card verifies that it is talking to an ^ 

authorized-terminals According to an aspect of this 50 eck M )*w 

Cinventionrme aumenticationjiha^^ 9merypmd - x 
seiectefterpt^^H^orrthat is resifcnt~o_n_4^smart-card^ Additionally, 
Cas wellaslhe cornpatibTe~a^lication resident on the termi- 
nal: Moreover, the authentication technique of this irrwntion M^^^^u 

(^authenticates the cardholder to the smart card. Thisjnaultiv^ 55 

"level authentication promotes highly secOTe'transa^fions. E ( K p*uic> w^^^Hf 

To enable such high security authentication, the authen- 
tication scheme of this invention involves assigning unique 

identifications to the smart card, terminal, cardholder, and E(K prtmt AC w * wI _ 2 )*M 

each application on the card. At their simplest form, the 60 

unique identifications might consist of special passwords Accordingly, in the context of our ATM example, if the 

assigned to each of these participants. In the preferred smart card encrypts a message using the terminal's public 

implementation, however, digital certificates are assigned to key, only the terminal can decrypt it Conversely, if the smart 

the smart card, terminal, cardholder, each application on the card encrypts a message using its private key (which only 

card^and the ap plication (s) stored 0 n_the_ term i nar A digital 65 the smart card can do since no one else has access to this 

certificate is a packet of ^umque informationrin digital-data private key), any other party can decrypt the text using the 

form toa£is4«e3'fOT4dentificatio^^ encryp- smart card's public key which is widely known. 
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To establish communication, the smart card uses the smart card and terminal can be assured that it is the other 

terminal's public key that it received in the terminal's legitimate party if the certificate deciphers into intelligible 

certificate to send a message. Only the terminal can decrypt information. It is practically impossible for either the ter- 

the message using its private key. Similarly, the terminal can minal <>* smart card to construct a fraudulent certificate 
encrypt a reply message using the smart card's public key 5 because neither knows the private key of the certifying 

and only the smart card can decrypt the message. This raises authority. 

a new issue. When the tenninal or smart card receives an u Jo wn *? ue <*fcussion of the auftentication process of 

encrypted message that is supposedly from the other, how thus mvenUon p ease refer to FIGS 4-6 which dxagcam- 

, J * . . 5 , ,v i •* ~ e +u maucally illustrate authenticating a financial transaction at 

docs the receiving party really know rf it came from the ^ card XaBda ^ L Following the startup phase, 

other.. . smart card 10 and terminal 32 exchange their respective 

To solve this dilemma, encryption algonthras infroduce ^ & 0Vin & na 4 . More particularly, smart card 

"digital signatures'* which are employed to ensure that the 10 sends its card-related certificate 40 to terminal 32 and the 

appropriate parties are communicating with each other. terminal sends its terminal-relates certificate 42 to smart 

Thus, when the smart card encrypts a message using the cai d 10. These initial certificates are sent over an open, 

terminal's public key, it tags a personalized digital signature 15 unsecured channel. 

onto the message. The smart card encrypts the combined It isnbted that the communication channel in-an ATM-is. 

message using its own private key. The resulting commu- iurely:to,be.a direct or r^oxmiaTcoupHng tetween the smart ; 

nication is represented as follows: card and terminal. However, ^another implementation, a 

termmal_migHt be communicating rernotely with a^personal 

E(Ksc-prhoi* ^r^Mttf M)+sc signature) 20 (Ugi^a^ssistaiice^.watch viaja^ pr 'cptic^l cornmuhica- 

r tidn. Accordingly, tfJs / invention contemplates various elec- 

The terminal receives the communication and decrypts it Z-tronidia^n^ exchanging certificates 

using the smart card's public key. This decryption yields a over m unsecured communication path, including direct and 

scrambled part that contains the encrypted message and a remote coupling. An example direct exchanging means 

legible part that consists of the smart card's signature. Since 25 includes hardware and software in the terminal's and smart 

the communication was decrypted using the smart card's card , s q,^ far coordinating digital transfer of certificates 

public key, it follows from the above discussion of the oyer physical conductors present in both the terminal and 

one-way encryption function E that only the smart card smart Example remote exchanging means include 

(using its private key) could have encrypted the entire components (hardware, software, transmitters, receivers, 

communication. Thus, upon seeing the smart card's digital 30 etc ) used to eQable ±G swapping of certificate using optical 

signature, the terminal is assured that the communication transm^^ ra dio transmission, magnetic transmission, or 

truly came from the smart card The tenninal discards the infrared transmission. 

digital signature and then decrypts the other part using its ^ shown ^ nG ^ termma i 32 and smart card 10 use the 

own private key to obtain the original message M. certificates to establish the authenticity of each to the other. 

Note that any party can intercept the communication 35 ^ smart card, - far exaniplerha^^ 

between the smart card and terrninal and use the smart card' s loao^ mi&GPWdecipher the certificate froWte rminal 

public key to determine that the communication came from usmgftft^certjfyin^ 

the smart card. However, that intercepting party cannot q^criWaSoveTThe sm^ca rd CTU grl^me id^ry of 

decipher the encrypted message because they do not know ±e terrnih^^me c^teredj^ 

the terminal's private key. 40 smart^caid^vei^mejm^ 

This encryption scheme therefore ensures for the receiv- ten&naLhas-a-s^^ 

ing party (i.e., the terminal in this example) that the com- <^5£3martl^ 

mu nication is from the desired sending party (i.e. , the smart ThVsln^ carcfa^ public 

card) and that only the receiving party can read the original kgy^*^ 

message. 45 c 0 mmuBcati6n~c^ 

The encryption scheme only works, however, if the ter- Mough outsit can st^ not 

minal and smart card trust each other's identity. ^\ able t g decBherSharrfor fie reasoiis^ve^:above"oMng 

Accordingly, the "certifying authority" is introduced as a ^ssion of basic en^uonts^rnes: " 

trusted third party to the transaction. The terminal and smart ^^FKT5 also shows^econll^thentication level according 

card each prove their identity to the satisfaction of the 50 t0 th^m^eiu^nfOnce communication between the smart 

certifying authority and deposit their public keys with this card and terrninal is established, one of the many applica- 

authority. In turn, the certifying authority issues a digital don$ stored OQ ^ smart ^ is selecte<t jjj our continuing 

certificate that contains an expiration date, the holder's serial example, the financiaVbanking application on the card is 

number, a public encryption key unique to the holder, se i ec ted from among other appUcations (such as frequent 

information rxrtaining to the domain or environment within 55 flyer mileagCi nealth etc0 t0 interface with the com- 

which the holder may operate (e.g., financial, frequent flyer, patiblc financial/banking appUcation resident at the ATM 

health, etc.), and any other information appropriate to estab- tenninal. The appUcation-related certificates 46 and 48 asso- 

lish communication. The identification information is ^ ^ sdected applicatio n ^e then exchanged 

encrypted using the certifying authority's private key, as between terminal 32 and smart card 10 over encrypted 

follows: go channd;44.JThese application-related certificates 46 and 48 

„ ~„ ^ . . ^ . „ . „ arje^uiejpto-aliu^^ at~ttie^> 

^cation-firmwareinJhe_sinartj^rdGPU an^imllaT;Sofrware 
During the initial communication in the authentication at^thezterrninal-use-me^idejirMcari 
phase, the smart card and terminal exchange their certifi-^e^^changtt^ 

cates. Both the smart card and terminal decipher the other' s^Xselected card application and u^e coinpalu^^miinal^pp]^ 
certificate using the certifying authority's public key. The catiqn^ 
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The additional, application level of authentication into anything. At step 110, the card-related certificate is 

enhances security by preventing an unscrupulous party from passed from the smart card to the terminal. Concurrently, the 

placing a fake application on an otherwise authenticated terminal-related certificate is passed from the terminal to the 

terminal or smart card. For instance, a high-tech thief might smart card (step 112). The smart card and terminal authen- 

try to program a smart card with an imitation appHcation 5 Ucate each other bascd ^ Moimat ion and digital 

designed to access and alter bank records. If ^ —on ^ ^ ^ certificates (steps 

application does not have the necessary certificate and e ° 

digital signature of a certifying authority, the terminal will m 

quickly ascertain that it is not an authenticate application Through the use of encryption techniques, the messages 

and reject the smart card as fake before conducting any 10 between the terminal and smart card can now be sent over 

transaction. a communication path that is considered to be secure from 

Similarly, the application level authentication helps pre- the standpoint that third parties will be unable to decipher 
vent transactions from occurring at a fraudulent terminal. ^ exchanged messages (step 118). At step 120, the card- 
Suppose, for example, a person was able to load an imitetion holder ^ piN at ^ terminaL The PIN is passed 
appkeauononanom^ 15 from the terainal t0 ±c smart ^ so mat the smart card can 
intention of gaining access to banking records kept on ....... , . J --.v 

peoples' smart card! If the smart card determines that the ««benticate the user (steps 122 and 124). 

terminal-resident application is not authenticate, it will cease At step 126, one of the applications stored on the smart 

all communication and forego conducting any transaction. card is selected. As noted above, this selection might be 

It is noted that the decr>^on/verification intelligence 20 made by the user, the smart card, or the terminal. The 

provided at both the smart card and terminal form an application-related certificates are then exchanged between 

example authentication means for verifying the authenticity mc smart card and terminal (step 128). The identity infor- 

of the smart card, terminal, and applications to each other. mation and ^tal signatures of me certifying authority 

HG.6showsa^ contained in the certificates are used to authenticate each 

this invention. Tlius far only_me.card,.tenmnal, and appli- 25 , „ , t . , 

cation have bee'n authSticated. It is also desirable to verify apphc^n^(step-130).,After_all Jhree levels of 

mat-rae persoTTelju^^ aufoejitic^on^rnart~c^ and 

carclholder. A unique PTN (Personal Identification Number)^ application— the desired transactions) is performed (step 

50-islSsigned to the cardholder^Dur^ 132) using encrypted information exchanged between the 

*phase r a user is requested to enter his/her PIN 50 via input 30 terminal and smart card. 

J^d36.Termmal32passesPIN ^ ^ above ATM example, the three-tiered authentica- 

4<Lso_that Jt can verify the iaenU^^cardho^ tion temis used it ^ elds ahighest seC urity leveL 

smart^card compares the entered!^ wi^ & ^ applications and environments 

associated with the true cardholder. If the: entered PIN/ ^ ^ \ T~ ^uuiuuid «uu cuvuuiuucuu, 

rrrft^meuserisdeemeda^ 35 where sudl ^ secunt y 15 not ^Portant For instance, 
third authentication level even further improves security as^ suppose that a terminal is configured as a soda pop machine. 

-^^^^^^1 ^^ ^ terming; apptication, » would be desirable to permit the smart card to make the 

*- — and^er7^r^§uuiettU^6eW ^ ^ purchase of an inexpensive soda pop drink without having to 

... The transaction phase of the session is preferably con- go through the multiple authentication steps. In this case, it 

£ ducted only after me - multilevel authentication^ phase is 40 might be enough security to simply authenticate the terminal 

completed. Hef]^^ / by examining if it has an unexpired certificate, 

only-after-^ appUcation, and user leads t0 another ^ of ^ mvent lon. The authen- 

have been authenticated. Only then will sensitive informal . . . - . . . _ 

^tion-be-peairted^ flow between the smart card and' bcation ^ sXem of ^ 1DveDtlon can be configured to 

terminaL This information is likewise encrjpted^anTsent 45 accommodate different secunty levels. Preferably, the secu- 

over secure channel 44. When all-desired transactions!^ rit y levels are established based upon the type of terminal, 

conducted, the card is withdrawn from the^ATM terminal In general, there are three types of terminals: unsecured, 

and JhTsession is terminated. secured off-line, and secured on-line. An unsecured terminal 

%GSr7 and 8 r show a method for authenticating asmart^ is one that has not been authenticated. A secured off-line 

card transaction according to this invention. At step 1003" 50 terminal is one that is an off-line stand alone machine (Le., 

certificate~is J assigned to the smart card. The card-related^ one that is not connected on-line to another computer 

^certificate 7 haTalugital sijgnature of a certified aumority and^ system) which has been authenticated by an unexpired 

a pubHak^ump^to the card for use in data encryptionTAt-" certificate. A secured on-line terrninal is one that is on-line 

step" 102^1 a certificate is^signed to the ;texminaL In a like another computer system and has been authenticated by 

.manner^ me terrni^ 55 an unexpired certificate. 

x tureof thVceru^edluJhority and a public_key„unique.to_the . ™ a - t «™,™i . . , , „ . «... 

ierriu^^te£^ . J** of ls ^ add f ed 35 ******** 

a^cat&g^lo^^ information contained in the ter^nal-related certificate, 

thl^eilrli^ Different security levels are established based upon these 

tains a &£tal^ature oflhe certified aumoritylinTapubUc^ 60 terminal t ^ es ' Dunn S a transaction, the appropriate secunty 
key4in^ue.toz:me^so^ted.applicationrAt step^^a^ lcvel is as(XIiain * i by the smart card based upon the 
unia^uelPg^irassigned to the cardhold er ^ / — terminal type information contained in the terminal-related 

At ^ste^IOSr^a^fra^ac^cS'sesTion is commenced certificate. In addition, value limits can be set for associated 

between the smart card and the terminal. In our ATM security levels for any transaction that is conducted during 

example, the session commences when the smart card is 65 a transactional session. The following table provides an 

inserted into the card reader slot of the terrninal; although in example implementation of a five-level security protocol 

other implementations, the card may not actually be inserted according to this invention. 
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Security 

Level Terminal Type 



Value Example Application 



0 


Not Authenticated 


0 Dispatch Name, 






Address of Fnra 


1 


Off-Line; Authenticated via 


S$5 Soda Pop Machine 




Unexpired Certificate 




2 


On-Line; Authenticated via 


£$50 Purchasing Tickets 




Unexpired Certificate 


for Sporting Event 


3 


Off-Line; Authenticated via 


No Long IHstance 




Unexpired Certificate and 


Limit Telephone Call 




User PIN 




4 


On-Line; Authenticated via 


No AIM Transaction 




Unexpired Certificate and 


Limit 




User PIN 





10 



15 



FIG. 9 shows a flow diagram of a method for conducting 
a smart card transaction using the security levels from the 
above table. At step ISO, the five security levels are estab- 
lished based upon the different categories of terminals. At _ — - 

step 152, the smart card determines the type of terminal 20 earlier versions of a smart cardrThe jile systems are pref- 



applications. For example, the same smart card can be used 
to transfer thousands of dollars between bank accounts or to 
buy a fifty cent soda pop drink. By limiting the dollar 
amount of transactions in less secure terminals, the smart 
card protects the cardholder's assets from any attempt to 
gain fraudulent access to them. 

Another aspect of this invention concerns a smart card 
that is constructed to operate within the authentication 
system described above. With reference again to FIGS. 1 
and 2, smart card 10 of this invention has memory (in the 
form of RAM 22, ROM 24, EEPROM 26, and possibly 
some limited memory within CPU 20) which can be used to 
store its card-related certificate, multiple applications, and 
corresponding application-related certificates for each appli- 
cation. As noted above, these applications may be in many 
diverse environments, including health care, financial/ 
banking, frequent flyer, etc. One application might also be in 
the form of a file system capable of maintaining data in 
multiple different files. Such an application enables newly 
issued smart cards Jo be backwards compatible to emulate 



erably constmcte^ incompliance with tHe standards set forth 
in BOi7ai6. ^ 

Srnart^card-lOcalso^has a processor 20 which is pro- 
grammed to: (1) output tfie~jcard-relate^cert^ to a 
tenmnaljuioUqreceive atenm^-rdate^c^rtmca^fremme 
terminldj^^-authe^^ upon the 

received termmal-related-certifi^ applica- 
tion from- ambng me multiple applications stored in the 
memory f(4) output an application^related certificate for the 
selected target application and receive an application-related 
■ce^ate^ : 2rcaiespom^ag application resident at the 
terminal that is compatible wiuYmeselected application; and 
(5) auttfenfic^ 
^pon:thejje^ive!i^pfo 



(from the terminal-related certificate) and ascertains the 
appropriate security level. Depending upon the security 
level, the authentication system limits the value of a trans- 
action in those instances where low security terminals are 
involved. 25 

At decisional step 154, it is determined whether the 
terminal is unsecured, thereby having a security level 0. If it 
is (i.e., the "yes" branch), there is no way to authenticate the 
terminal (step 156) and thus no way to trust the terminal. As 
a result, the smart card will only output public information, 30 
such as the cardholder name, address, and social security 
number (step 158). 

If the terminal is not at security level 0 (i.e., the "no" 
branch from step 154), the terminal is checked for the next , ,~ — - * ^-w-^— ix — 

security level 1 at step 160. If the terminal is an off-line ^^W^^^T'^F^^^^ 

terminal which has an unexpired certificate but does not ™» to ™ bl Z£^^. f^^SF^ °Pf ^ 

. „lr T _ Z j .ui. In addinonrthe smart card:is construc ted-to authenticate^ 

requn-e a PIN entey the smart : «*■ taugu^ lomnd ^g^oM^^c^ 

as having a security level 1 which requires authentication of - \\ . OTVr . . . wwwtu^ 

the terminal and application (step 162). Since there is less ™* sjo^-its.memory. When . tie entered 

1 . ^ 7^ 7 > , F * } , . t _ ^Tr PTN-is : received from the terminal, the smart card' compares 
security in an off-hne terminal, the value limit for any^^^J^^ 

transaction at a level 1 terminal is less than or equal to five 



dollars (step 164). 

At step 166, the smart card ascertains whether the termi- 
nal has a security level 2, meaning that the terminal is an 
on-line terminal which has an unexpired certificate but does 45 
not require a PIN entry. If the terminal meets this profile, the 
smart card authenticates the terminal and selected target 
application (step 168) and all transactions are limited to a 
slightly higher amount, say $50 (step 170). 

At step 172, the smart card examines whether the terminal 50 
satisfies the profile for a security level 3, which is an off-line 
terminal having an unexpired certificate and requiring a PIN 
entry. If it satisfies the profile, the full three-level authenti- 
cation scheme described above in detail is undertaken to 
authenticate the terminal, smart card, application, and card- 55 
holder (step 174). In this^ example, the value of this trans- 
action is not limited to a specific dollar amount (step 176). 

Finally, at step 178, the smart card determines whether the 
terminal is at the highest security level 4, meaning that the 
terminal is an on-line terminal which has an unexpired 60 
certificate and requires PIN entry. If the terminal is a level 
4, the full authentication process is used (step 180) and the 
transactional value is not limi ted (step 182). 

fThe^muIti-leveFsecuriry protocdrpromotes_var^g^ 
degreeTof security;depending upon the type^ofiermin^jLn^65) 
transactiontto be undertaken. As a result, the smartcard' has 
tremendous flexibility-and can be' used for many diff^nt 



the entere4 PIN with the stored PIN to verify ^authenticity 
of the cardholder. /^^^^ 

The invention is not limited to the specific embodiments 
described in this specification, but shall be construed to 
cover equivalent embodiments. 
We claim: 

1. A method for authenticating a transaction between a 
portable information device and a terminal, the portable 
information device storing a device-related certificate 
unique to the device and the terminal storing a terminal- 
related certificate unique to the terminal which includes 
information regarding a type of terminal, the method com- 
prising the following steps: 

exchanging the device-related and terminal-related cer- 
tificates between the portable information device and 
the terminal during a transaction; 
authenticating the portable information device and the 
terminal to each other using the exchanged device- 
related and terminal-related certificates; 
determining, at the portable information device, a security 
level for the terminal based on the terminal type 
information contained in the terminal-related certificate 
received from the terminal, the security level having an 
associated value limit for a value of the transaction 
conducted during the transactional session; and 
restricting the value of the transaction to the value limit 
associated with the determined security level 
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2. A method as recited in claim 1 and further comprising 
the additional step of encrypting communication between 
the portable information device and the terminal during the 
transaction. 

3. A method as recited in claim 1, wherein the portable 
information device is associated with a user who has a 
unique PIN, and further comprising the following additional 
steps: 

receiving the PIN at the terminal during the transaction; 

passing the PIN from the terminal to the portable infor- 
mation device; and 

authenticating the the user at the portable information 
device. 

4. A method for conducting a transaction between a smart 
card and multiple various types of terminals that are each 
capable of accessing the smart card during the transaction, 
each terminal having at least one resident application stored 
thereon, the method cornprising the following steps: 

storing multiple applications on the sm^carf^the appli- 
catioM^tetn&TcMmTW^ which 
operate in conjunction with a corresponding said resi- 
dent application stored on each of the various termi- 
nals; 

establishmg;multip[£~^ 
typSfof termihluXmesecurity levels having associated 
value limits for limiting a value of any transaction 
conducted on the corresponding terminal type; 

assigning a card-related certificate to the smart card, the 
card-related certificate having a digital signature of a 
certified authority and a public key unique to the smart 
card for use in data encryption; 

assigning terminal-related certificates to the various types 
of terminal, each terminal-related certificate having the 
digital signature of the certified authority and a public 
key unique to the terminal for use in data encryption, 
said each terminal-related certificate also having infor- 
mation regarding the type of terminal; 

assigning an application-related certificate to each appli- 
cation stored on the smart card and to the resident 
applications at the terminals, each application-related 
certificate having the digital signature of the certified 
authority and a public key unique to that application; 

commencing a transactional session between the smart 
card and a particular one of the terminals; 

exchanging the device-related and terminal-related cer- 
tificates between the smart card and the particular 
terminal; 

authenticating the smart card and the particular terminal 
to each other using the exchanged device-related and 
terminal-related certificates; 

determining the security level for particular terminal, at 
the smart card, using the terminal type information 
contained in the terminal-related certificate received 
from the particular terminal; 

selecting a target application from among the multiple 
applications stored on the smart card that is compatible 
with the resident application stored at the particular 
terminal; 

exchanging, between the smart card and the particular 
terminal, the application-related certificates assigned to 
the selected target application stored on the smart card 
and the resident application stored at the particular 
terminal; 

authenticating the target and resident applications using 
their exchanged application-related certificates; 
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conducting the transaction after the target application has 

been authenticated; and 
restricting the value of the transaction to the value limit 

associated with the security level determined for the 
5 particular terminal. 

5. A method according to claim 4 and further cornprising 
associating monetary value limits with the different security 
levels. 

6. A method as recited in claim 4 and further cornprising 
10 the following additional steps: 

associating the smart card with a cardholder; 

assigning a unique PIN to the cardholder; 

inputting the PIN to the particular terminal during the 

transactional session; 
is passing the FIN from the particular terminal to the smart 

card; and 

authenticating the cardholder at the smart card. 

7. A method as recited in claim 6 wherein the multiple 
various terminals are off-line and on-line types of terminals, 

20 the method further comprising the following additional 
steps: 

establishing a first security level that is associated with an 
off-line terminal that has an unexpired terminal-related 
certificate; 

25 establishing a second security level that is associated with 
an on-line terminal that has an unexpired terrninal- 
related certificate, the second security level being of 
higher security than the first security level; 
establishing a third security level that is associated with 
an off-line terminal that has an unexpired terminal- 
related certificate and requires the PIN from the 
cardholder, the third security level being of higher 
security than the second security level; and 

35 establishing a fourth security level that is associated with 
an on-line terminal that has an unexpired terminal- 
related certificate and requires the PIN from the 
cardholder, the fourth security level being of higher 
security than the third security leveL 

40 8. A method as recited in claim 7 and further cornprising 
associating monotonically increasing monetary value limits 
with the first through fourth security levels, respectively. 

9. A method as recited in claim 4 and further comprising 
the additional step of encrypting the application-related 

45 certificates before exchanging them using the public keys 
from the device-related and terminal-related certificates that 
have already been exchanged. 

10. A system comprising: 

a portable information device having a microprocessor 
5Q capable of processing multiple applications, the por- 
table information device having an associated device- 
related certificate; 
multiple terminals of various types capable of accessing 
the portable information device, the terminals having 
55 associated security levels wherein the security levels 
have associated value limits for a value of a transaction, 
each terminal having an associated terminal-related 
certificate which contains information pertaining to the 
terminal type; 

60 means for exchanging the device-related and terminal- 
related certificates between a particular terrninal and 
the portable information device; and 
the portable information device having means for deter- 
mining the security level for a particular terminal based 

65 upon the terminal type information contained in a 
terminal-related certificate associated with the particu- 
lar terminal. 
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11. A system as recited in claim 10 wherein the portable 
information device comprises a smart card. 

12. A system as recited in claim 10 wherein the portable 
information device comprises a portable personal digital 
assistant 

13. A system as recited in claim 10 wherein the portable 
information device comprises an electronic watch. 

14. A system as recited in claim 10 wherein the portable 
information device has a file system for managing multiple 
files. 

15. A system as recited in claim 10 and further comprising 
an input mechanism at the terminal to enable a cardholder to 
enter a PIN, the terminal transferring the PIN to the portable 
information device so that the authentication means can 



10 



cation ■ output to:the :ternnnal-and:t O-de^i y pt commun ication 
^r^eive^rronvSeTteniiifiaL 

18. A portable information device as recited in claim 16 
wherein the memory stores a PIN of an associated user, the 
processor is further programmed to receive a PIN from the 
terminal and to authenticate the user based upon the received 
PIN. 

19. A portable information device as recited in claim 16 
wherein the memory stores multiple applications and one of 
the applications comprises a rile system capable of manag- 
ing multiple files. 

20. Computer-readable media resident at the portable 
information device and the terminal having computer- 



verify the authenticity of the cardholder to the portable 15 executable instructions for performing the steps in the 



information device. 

16. A portable information device for use in transactions 
with a terminal, the portable information device comprising: 

a memory for storing at least one application; 



method recited in claim 1. 

21. In a system involving a transaction between a portable 
information device and a terminal, a computer-readable 
media provided at the portable information device having 



25 



a processor programmed to: (1) receive a terminal-related 20 computer-executable instructions for performing the follow- 
certificate from the terminal, the terminal-related cer- 
tificate containing information pertaining to the type of 
terrnmal;y(2)>iauthenticl^ 

recdv^-tenrn^^related cer^caJte;z(3) :: anaTyze~ the 7 
terminal type from the ^informatio n contain ed . in .the 
terminal-related certificate: and~(4)4imit any transac- 
tion to~a selected monetary amount based upon thejhe' 
type of terminal. 
17. A portable information device as recited in daimj.6^ 
wherein t^prpcessc*^ 



ing steps: 

receiving a certificate from the terminal, the certificate 
containing information pertaining to a type of terminal; 
analyzing the terminal type from the information con- 
tained in the certificate; and 
limiting any transaction with the terminal to a selected 
value based upon the type of terminal. 
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